GNU bug report logs - #4197
23.1; error when try to run `server-start': directory .emacs.d/server is unsafe

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: emacs; Reported by: "Drew Adams" <drew.adams@HIDDEN>; merged with #865, #3281, #8787; dated Thu, 20 Aug 2009 20:34:41 UTC; Maintainer for emacs is bug-gnu-emacs@HIDDEN.
Merged 865 3281 4197 8787. Request was from Glenn Morris <rgm@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 4197@HIDDEN:


Received: (at 4197) by emacsbugs.donarmstrong.com; 24 Aug 2009 01:05:56 +0000
From monnier@HIDDEN Sun Aug 23 18:05:55 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-2.6 required=4.0 tests=AWL,HAS_BUG_NUMBER,
	MURPHY_SEX_L2 autolearn=ham version=3.2.5-bugs.debian.org_2005_01_02
Received: from ironport2-out.teksavvy.com (ironport2-out.teksavvy.com [206.248.154.182])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7O15rhh024860
	for <4197@HIDDEN>; Sun, 23 Aug 2009 18:05:55 -0700
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AroFAJOEkUpFpYuS/2dsb2JhbACBU9AehBoFgVGGCQ
X-IronPort-AV: E=Sophos;i="4.44,261,1249272000"; 
   d="scan'208";a="44051789"
Received: from 69-165-139-146.dsl.teksavvy.com (HELO ceviche.home) ([69.165.139.146])
  by ironport2-out.teksavvy.com with ESMTP; 23 Aug 2009 21:04:52 -0400
Received: by ceviche.home (Postfix, from userid 20848)
	id E2E37B40F3; Sun, 23 Aug 2009 18:30:08 -0400 (EDT)
From: Stefan Monnier <monnier@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Cc: drew.adams@HIDDEN, 4197 <at> debbugs.gnu.org
Subject: Re: bug#4197: 23.1; error when try to run `server-start': directory .emacs.d/server is	unsafe
Message-ID: <jwvbpm69nb3.fsf-monnier+emacsbugreports@HIDDEN>
References: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN>
	<83ocq9h63s.fsf@HIDDEN>
	<2BFC5C014BD64D93A209629F9B852FFC@HIDDEN>
	<83bpm9gj0d.fsf@HIDDEN>
	<CACF9392E6804A61B2F604F4D53005C4@HIDDEN>
	<jwvpraocv6x.fsf-monnier+emacsbugreports@HIDDEN>
	<83y6pcff0d.fsf@HIDDEN>
	<jwvab1rb8o8.fsf-monnier+emacsbugreports@HIDDEN>
	<83fxbjfc5g.fsf@HIDDEN>
Date: Sun, 23 Aug 2009 18:30:08 -0400
In-Reply-To: <83fxbjfc5g.fsf@HIDDEN> (Eli Zaretskii's message of "Sun, 23 Aug
	2009 06:21:31 +0300")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

>> For a FAT32 system under w32, we probably don't need a prompt either (we
>> should just skip the test instead) either the user is aware of the
>> inherent insecurity of his system (in which case we can go on and ignore
>> the problem without prompting), or he's not, in which case a prompt will
>> just confuse him even more.

> The user might have more than one filesystem on her machine.  Telling
> her that the one she uses for ~/.emacs_d is insecure might cause her
> to change her configuration, I think.

Could be.  But I don't think this slim hope warrants imposing a prompt
on all the other lusers.  A message should be sufficient.


        Stefan



Acknowledgement sent to Stefan Monnier <monnier@HIDDEN>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>, owner@HIDDEN. Full text available.
Information forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>, owner@HIDDEN:
bug#4197; Package emacs,w32. Full text available.

Message received at 4197@HIDDEN:


Received: (at 4197) by emacsbugs.donarmstrong.com; 23 Aug 2009 03:21:42 +0000
From eliz@HIDDEN Sat Aug 22 20:21:41 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-3.1 required=4.0 tests=AWL,HAS_BUG_NUMBER
	autolearn=ham version=3.2.5-bugs.debian.org_2005_01_02
Received: from mtaout5.012.net.il (mtaout5.012.net.il [84.95.2.13])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7N3Ledg024452
	for <4197@HIDDEN>; Sat, 22 Aug 2009 20:21:41 -0700
Received: from conversion-daemon.i_mtaout5.012.net.il by i_mtaout5.012.net.il (HyperSendmail v2004.12) id <0KOT00E007NR7600@i_mtaout5.012.net.il> for 4197@HIDDEN; Sun, 23 Aug 2009 06:21:32 +0300 (IDT)
Received: from HOME-C4E4A596F7 ([84.228.180.85]) by i_mtaout5.012.net.il (HyperSendmail v2004.12) with ESMTPA id <0KOT001CV7ZVTG01@i_mtaout5.012.net.il>; Sun, 23 Aug 2009 06:21:32 +0300 (IDT)
Date: Sun, 23 Aug 2009 06:21:31 +0300
From: Eli Zaretskii <eliz@HIDDEN>
Subject: Re: bug#4197: 23.1; error when try to run `server-start': directory .emacs.d/server is	unsafe
In-reply-to: <jwvab1rb8o8.fsf-monnier+emacsbugreports@HIDDEN>
X-012-Sender: halo1@HIDDEN
To: Stefan Monnier <monnier@HIDDEN>
Cc: drew.adams@HIDDEN, 4197 <at> debbugs.gnu.org
Reply-to: Eli Zaretskii <eliz@HIDDEN>
Message-id: <83fxbjfc5g.fsf@HIDDEN>
References: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN> <83ocq9h63s.fsf@HIDDEN> <2BFC5C014BD64D93A209629F9B852FFC@HIDDEN> <83bpm9gj0d.fsf@HIDDEN> <CACF9392E6804A61B2F604F4D53005C4@HIDDEN> <jwvpraocv6x.fsf-monnier+emacsbugreports@HIDDEN> <83y6pcff0d.fsf@HIDDEN> <jwvab1rb8o8.fsf-monnier+emacsbugreports@HIDDEN>

> From: Stefan Monnier <monnier@HIDDEN>
> Cc: drew.adams@HIDDEN,  4197@HIDDEN
> Date: Sat, 22 Aug 2009 21:57:49 -0400
> 
> For a FAT32 system under w32, we probably don't need a prompt either (we
> should just skip the test instead) either the user is aware of the
> inherent insecurity of his system (in which case we can go on and ignore
> the problem without prompting), or he's not, in which case a prompt will
> just confuse him even more.

The user might have more than one filesystem on her machine.  Telling
her that the one she uses for ~/.emacs_d is insecure might cause her
to change her configuration, I think.



Acknowledgement sent to Eli Zaretskii <eliz@HIDDEN>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>, owner@HIDDEN. Full text available.
Information forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>, owner@HIDDEN:
bug#4197; Package emacs,w32. Full text available.

Message received at 4197@HIDDEN:


Received: (at 4197) by emacsbugs.donarmstrong.com; 23 Aug 2009 01:57:55 +0000
From monnier@HIDDEN Sat Aug 22 18:57:55 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-4.7 required=4.0 tests=AWL,FOURLA,HAS_BUG_NUMBER
	autolearn=ham version=3.2.5-bugs.debian.org_2005_01_02
Received: from ironport2-out.teksavvy.com (ironport2-out.teksavvy.com [206.248.154.182])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7N1vr2v010559
	for <4197@HIDDEN>; Sat, 22 Aug 2009 18:57:55 -0700
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ArwEAMs+kEpFxIHU/2dsb2JhbACBUtELhBoFgVGGCQ
X-IronPort-AV: E=Sophos;i="4.44,258,1249272000"; 
   d="scan'208";a="44029807"
Received: from 69-196-129-212.dsl.teksavvy.com (HELO ceviche.home) ([69.196.129.212])
  by ironport2-out.teksavvy.com with ESMTP; 22 Aug 2009 21:57:05 -0400
Received: by ceviche.home (Postfix, from userid 20848)
	id 702CEB40E6; Sat, 22 Aug 2009 21:57:49 -0400 (EDT)
From: Stefan Monnier <monnier@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Cc: drew.adams@HIDDEN, 4197 <at> debbugs.gnu.org
Subject: Re: bug#4197: 23.1; error when try to run `server-start': directory .emacs.d/server is	unsafe
Message-ID: <jwvab1rb8o8.fsf-monnier+emacsbugreports@HIDDEN>
References: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN>
	<83ocq9h63s.fsf@HIDDEN>
	<2BFC5C014BD64D93A209629F9B852FFC@HIDDEN>
	<83bpm9gj0d.fsf@HIDDEN>
	<CACF9392E6804A61B2F604F4D53005C4@HIDDEN>
	<jwvpraocv6x.fsf-monnier+emacsbugreports@HIDDEN>
	<83y6pcff0d.fsf@HIDDEN>
Date: Sat, 22 Aug 2009 21:57:49 -0400
In-Reply-To: <83y6pcff0d.fsf@HIDDEN> (Eli Zaretskii's message of "Sat, 22 Aug
	2009 11:07:30 +0300")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

>> > I think Emacs should be able to coexist and behave nicely with
>> > FAT32 - don't
>> IIUC how Windows on FAT32 works, using emacsserver on such a system
>> means that any process running on this machine (from your own user or
>> any other user) can control your Emacs session.
> That's true.  There's no file security on FAT32 volumes.
> I was thinking about displaying yes-or-no-p prompt with a warning to
> that effect, but if the user consents, letting them to proceed.  Maybe
> we should do that on Posix as well, instead of flatly refusing to run.

I don't see a need for a prompt under POSIX.
For a FAT32 system under w32, we probably don't need a prompt either (we
should just skip the test instead) either the user is aware of the
inherent insecurity of his system (in which case we can go on and ignore
the problem without prompting), or he's not, in which case a prompt will
just confuse him even more.


        Stefan



Acknowledgement sent to Stefan Monnier <monnier@HIDDEN>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>, owner@HIDDEN. Full text available.
Information forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>, owner@HIDDEN:
bug#4197; Package emacs,w32. Full text available.

Message received at 4197@HIDDEN:


Received: (at 4197) by emacsbugs.donarmstrong.com; 23 Aug 2009 01:57:55 +0000
From monnier@HIDDEN Sat Aug 22 18:57:55 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-4.8 required=4.0 tests=AWL,HAS_BUG_NUMBER
	autolearn=ham version=3.2.5-bugs.debian.org_2005_01_02
Received: from ironport2-out.teksavvy.com (ironport2-out.teksavvy.com [206.248.154.182])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7N1vr2u010559
	for <4197@HIDDEN>; Sat, 22 Aug 2009 18:57:54 -0700
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ArwEAMs+kEpFxIHU/2dsb2JhbACBUtELhBoFgVGGCQ
X-IronPort-AV: E=Sophos;i="4.44,258,1249272000"; 
   d="scan'208";a="44029805"
Received: from 69-196-129-212.dsl.teksavvy.com (HELO ceviche.home) ([69.196.129.212])
  by ironport2-out.teksavvy.com with ESMTP; 22 Aug 2009 21:57:03 -0400
Received: by ceviche.home (Postfix, from userid 20848)
	id 06488B40E6; Sat, 22 Aug 2009 21:57:47 -0400 (EDT)
From: Stefan Monnier <monnier@HIDDEN>
To: Lennart Borgman <lennart.borgman@HIDDEN>
Cc: 4197 <at> debbugs.gnu.org, Jason Rumney <jasonr@HIDDEN>
Subject: Re: bug#4197: 23.1; error when try to run `server-start': directory .emacs.d/server is unsafe
Message-ID: <jwv4orzb8fi.fsf-monnier+emacsbugreports@HIDDEN>
References: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN>
	<83ocq9h63s.fsf@HIDDEN>
	<2BFC5C014BD64D93A209629F9B852FFC@HIDDEN>
	<83bpm9gj0d.fsf@HIDDEN>
	<CACF9392E6804A61B2F604F4D53005C4@HIDDEN>
	<jwvpraocv6x.fsf-monnier+emacsbugreports@HIDDEN>
	<4A8FC00B.9030406@HIDDEN> <83ocq8f864.fsf@HIDDEN>
	<4A9023ED.5020007@HIDDEN>
	<e01d8a50908221010h2e368c57l5fdfd4f348f79c3e@HIDDEN>
Date: Sat, 22 Aug 2009 21:57:47 -0400
In-Reply-To: <e01d8a50908221010h2e368c57l5fdfd4f348f79c3e@HIDDEN>
	(Lennart Borgman's message of "Sat, 22 Aug 2009 19:10:06 +0200")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

> Didn't someone write an implementation of emacsclient on w32 using
> Named Pipes? Would not that also be preferrable to avoid problems with
> firewalls on the local computer?

The generic code works well, so we shouldn't expend efforts on
supporting another protocol.  If we can support Unix sockets under w32,
that would be an acceptable alternative.  But in any case, the check
made by emacsserver is meaningless in an unsecure system such as
w32-on-fat32, so we should just skip it in such a circumstance.


        Stefan



Acknowledgement sent to Stefan Monnier <monnier@HIDDEN>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>, owner@HIDDEN. Full text available.
Information forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>, owner@HIDDEN:
bug#4197; Package emacs,w32. Full text available.

Message received at 4197@HIDDEN:


Received: (at 4197) by emacsbugs.donarmstrong.com; 22 Aug 2009 17:10:31 +0000
From lennart.borgman@HIDDEN Sat Aug 22 10:10:31 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-2.3 required=4.0 tests=AWL,FOURLA,HAS_BUG_NUMBER
	autolearn=ham version=3.2.5-bugs.debian.org_2005_01_02
Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.242])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7MHATOC010909
	for <4197@HIDDEN>; Sat, 22 Aug 2009 10:10:30 -0700
Received: by an-out-0708.google.com with SMTP id b2so624435ana.31
        for <4197@HIDDEN>; Sat, 22 Aug 2009 10:10:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:in-reply-to:references
         :from:date:message-id:subject:to:cc:content-type
         :content-transfer-encoding;
        bh=S+KzHhnmwvav9pdzKKJWowjngZMCywkC98TujxT6myg=;
        b=VVfScZ7azbd5z1HjeO4UHm/EqNYLAS+z2HH9RrwQvbdXtAq0p7EYWvA/EN4g/3dZv0
         ymEIF9RpscC9LM6nQH+2BSyH/vHuWK40dmho9VXxA9EJZ479+eHiT3OHbnW2Pa3i+e76
         965yMqbQLUVnzomOZIPekh/E/OeJQk5DqLqCo=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc:content-type:content-transfer-encoding;
        b=n289p+WewoW9gEa7SwMGp6MnlKBPJ08rkYeDe4YlnJnmhgt+j+rrj2bIDm3rSpuCrp
         8/9OQ/B858K5k/HhjUBjE9/JAp4FUc8eCAXSlI1iq4jzijTCotItoWZjr41HZYlk+qUX
         xKLCupeLen25dHQcepy87gYDoFc7YvWabCojQ=
MIME-Version: 1.0
Received: by 10.101.113.7 with SMTP id q7mr2533470anm.196.1250961026098; Sat, 
	22 Aug 2009 10:10:26 -0700 (PDT)
In-Reply-To: <4A9023ED.5020007@HIDDEN>
References: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN> 
	<83ocq9h63s.fsf@HIDDEN> <2BFC5C014BD64D93A209629F9B852FFC@HIDDEN> 
	<83bpm9gj0d.fsf@HIDDEN> <CACF9392E6804A61B2F604F4D53005C4@HIDDEN> 
	<jwvpraocv6x.fsf-monnier+emacsbugreports@HIDDEN> <4A8FC00B.9030406@HIDDEN> 
	<83ocq8f864.fsf@HIDDEN> <4A9023ED.5020007@HIDDEN>
From: Lennart Borgman <lennart.borgman@HIDDEN>
Date: Sat, 22 Aug 2009 19:10:06 +0200
Message-ID: <e01d8a50908221010h2e368c57l5fdfd4f348f79c3e@HIDDEN>
Subject: Re: bug#4197: 23.1; error when try to run `server-start': directory 
	.emacs.d/server is unsafe
To: Jason Rumney <jasonr@HIDDEN>, 4197 <at> debbugs.gnu.org
Cc: Eli Zaretskii <eliz@HIDDEN>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Sat, Aug 22, 2009 at 6:59 PM, Jason Rumney<jasonr@HIDDEN> wrote:
> Eli Zaretskii wrote:
>>
>> Sorry, I don't quite understand your suggestion. =C2=A0NT file security
>> cannot be used on FAT32 volumes, even if the OS is of the NT family
>> (Windows 2000, XP, etc.). =C2=A0So, if you meant to use the NT file
>> security as the back-end of the abstraction you propose, that back-end
>> will be inoperable on FAT32 volumes, even for Windows XP.
>>
>
> No, I mean instead of using the file system, which is only secure if it i=
s
> NTFS, use Access Tokens, or switch to using Named Pipes instead of a TCP
> socket, so that a Security Descriptor can be attached to it.

Didn't someone write an implementation of emacsclient on w32 using
Named Pipes? Would not that also be preferrable to avoid problems with
firewalls on the local computer?

But what about connecting to servers on other hosts? Or is that
perhaps not something that can be done? Or can that possibility be
kept open by also allowing for using TCP on w32?



Acknowledgement sent to Lennart Borgman <lennart.borgman@HIDDEN>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>, owner@HIDDEN. Full text available.
Information forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>, owner@HIDDEN:
bug#4197; Package emacs,w32. Full text available.

Message received at 4197@HIDDEN:


Received: (at 4197) by emacsbugs.donarmstrong.com; 22 Aug 2009 17:00:23 +0000
From jasonrumney@HIDDEN Sat Aug 22 10:00:22 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-2.9 required=4.0 tests=FOURLA,HAS_BUG_NUMBER
	autolearn=ham version=3.2.5-bugs.debian.org_2005_01_02
Received: from mail-ew0-f221.google.com (mail-ew0-f221.google.com [209.85.219.221])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7MH0Kxs008416
	for <4197@HIDDEN>; Sat, 22 Aug 2009 10:00:22 -0700
Received: by ewy21 with SMTP id 21so1413215ewy.45
        for <4197@HIDDEN>; Sat, 22 Aug 2009 10:00:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:sender:message-id:date:from
         :user-agent:mime-version:to:subject:references:in-reply-to
         :content-type:content-transfer-encoding;
        bh=yJPYNvBC13rMvSp/PpfRKc2MUwPS3sTkVK5xw3DecNo=;
        b=IBWYEN3DagZDbRvwJ+fgOlRa7aiDRKNzeOSco7pEzpsV5ryL8AQYhjf46pQXIWd0Zi
         NgV1NoEg0JVUJtqOqvLo9F3Wo2r8hGVvJJ2qO98rmisQJ/B4s8HE7QyJFnRg3QvMhqtz
         vOrEU+0rYh/wA13d3qbfs4zx7Z8UsBL35QoNg=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=sender:message-id:date:from:user-agent:mime-version:to:subject
         :references:in-reply-to:content-type:content-transfer-encoding;
        b=FBx5BVmjErEFfUrSHAESydMWwMvzslRDlUJb6O1qF96lmcOtA/Q6Jd7LOdNqIwm8EM
         V1pCnKF2ak+ouqM+9R6ubesi0PUWQA/jm35JuTJXBxwdRmB1gvodq3IXg/sLyVEKH4ws
         I4CEU1RaGDO0iuGTslxmcF7UUBqCKwaaqBk1w=
Received: by 10.210.136.10 with SMTP id j10mr23025ebd.82.1250960414938;
        Sat, 22 Aug 2009 10:00:14 -0700 (PDT)
Received: from ?10.1.0.178? ([89.206.134.87])
        by mx.google.com with ESMTPS id 24sm3040039eyx.23.2009.08.22.10.00.12
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Sat, 22 Aug 2009 10:00:12 -0700 (PDT)
Sender: Jason Rumney <jasonrumney@HIDDEN>
Message-ID: <4A9023ED.5020007@HIDDEN>
Date: Sun, 23 Aug 2009 00:59:25 +0800
From: Jason Rumney <jasonr@HIDDEN>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Eli Zaretskii <eliz@HIDDEN>, 4197 <at> debbugs.gnu.org
Subject: Re: bug#4197: 23.1; error when try to run `server-start':	directory
 .emacs.d/server	is	unsafe
References: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN>	<83ocq9h63s.fsf@HIDDEN>	<2BFC5C014BD64D93A209629F9B852FFC@HIDDEN>	<83bpm9gj0d.fsf@HIDDEN>	<CACF9392E6804A61B2F604F4D53005C4@HIDDEN>	<jwvpraocv6x.fsf-monnier+emacsbugreports@HIDDEN>	<4A8FC00B.9030406@HIDDEN> <83ocq8f864.fsf@HIDDEN>
In-Reply-To: <83ocq8f864.fsf@HIDDEN>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Eli Zaretskii wrote:
> Sorry, I don't quite understand your suggestion.  NT file security
> cannot be used on FAT32 volumes, even if the OS is of the NT family
> (Windows 2000, XP, etc.).  So, if you meant to use the NT file
> security as the back-end of the abstraction you propose, that back-end
> will be inoperable on FAT32 volumes, even for Windows XP.
>   
No, I mean instead of using the file system, which is only secure if it 
is NTFS, use Access Tokens, or switch to using Named Pipes instead of a 
TCP socket, so that a Security Descriptor can be attached to it.




Acknowledgement sent to Jason Rumney <jasonr@HIDDEN>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>, owner@HIDDEN. Full text available.
Information forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>, owner@HIDDEN:
bug#4197; Package emacs,w32. Full text available.

Message received at 4197@HIDDEN:


Received: (at 4197) by emacsbugs.donarmstrong.com; 22 Aug 2009 10:38:21 +0000
From eliz@HIDDEN Sat Aug 22 03:38:21 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-3.1 required=4.0 tests=AWL,HAS_BUG_NUMBER
	autolearn=ham version=3.2.5-bugs.debian.org_2005_01_02
Received: from mtaout7.012.net.il (mtaout7.012.net.il [84.95.2.19])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7MAcJWN004274
	for <4197@HIDDEN>; Sat, 22 Aug 2009 03:38:21 -0700
Received: from conversion-daemon.i-mtaout7.012.net.il by i-mtaout7.012.net.il (HyperSendmail v2007.08) id <0KOR00D00X380700@HIDDEN> for 4197@HIDDEN; Sat, 22 Aug 2009 13:37:25 +0300 (IDT)
Received: from HOME-C4E4A596F7 ([84.228.180.85]) by i-mtaout7.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0KOR00DYBXI0Y500@HIDDEN>; Sat, 22 Aug 2009 13:37:13 +0300 (IDT)
Date: Sat, 22 Aug 2009 13:35:15 +0300
From: Eli Zaretskii <eliz@HIDDEN>
Subject: Re: bug#4197: 23.1; error when try to run `server-start': directory	.emacs.d/server	is	unsafe
In-reply-to: <4A8FC00B.9030406@HIDDEN>
X-012-Sender: halo1@HIDDEN
To: Jason Rumney <jasonr@HIDDEN>, 4197 <at> debbugs.gnu.org
Cc: monnier@HIDDEN
Reply-to: Eli Zaretskii <eliz@HIDDEN>
Message-id: <83ocq8f864.fsf@HIDDEN>
References: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN> <83ocq9h63s.fsf@HIDDEN> <2BFC5C014BD64D93A209629F9B852FFC@HIDDEN> <83bpm9gj0d.fsf@HIDDEN> <CACF9392E6804A61B2F604F4D53005C4@HIDDEN> <jwvpraocv6x.fsf-monnier+emacsbugreports@HIDDEN> <4A8FC00B.9030406@HIDDEN>

> Date: Sat, 22 Aug 2009 17:53:15 +0800
> From: Jason Rumney <jasonr@HIDDEN>
> Cc: 
> 
> Yes. The security feature of emacsclient should probably be abstracted 
> so that appropriate methods for the platform can be used.  Then on 
> Windows (NT) we could use Security Descriptors directly without relying 
> on the filesystem to be secure.

Sorry, I don't quite understand your suggestion.  NT file security
cannot be used on FAT32 volumes, even if the OS is of the NT family
(Windows 2000, XP, etc.).  So, if you meant to use the NT file
security as the back-end of the abstraction you propose, that back-end
will be inoperable on FAT32 volumes, even for Windows XP.



Acknowledgement sent to Eli Zaretskii <eliz@HIDDEN>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>, owner@HIDDEN. Full text available.
Information forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>, owner@HIDDEN:
bug#4197; Package emacs,w32. Full text available.

Message received at 4197@HIDDEN:


Received: (at 4197) by emacsbugs.donarmstrong.com; 22 Aug 2009 10:09:10 +0000
From eliz@HIDDEN Sat Aug 22 03:09:10 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-2.6 required=4.0 tests=AWL,GMAIL,HAS_BUG_NUMBER,
	MURPHY_DRUGS_REL8 autolearn=ham version=3.2.5-bugs.debian.org_2005_01_02
Received: from mtaout3.012.net.il (mtaout3.012.net.il [84.95.2.7])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7MA9816031414
	for <4197@HIDDEN>; Sat, 22 Aug 2009 03:09:09 -0700
Received: from conversion-daemon.i_mtaout3.012.net.il by i_mtaout3.012.net.il (HyperSendmail v2004.12) id <0KOR00400VXKD600@i_mtaout3.012.net.il> for 4197@HIDDEN; Sat, 22 Aug 2009 13:09:02 +0300 (IDT)
Received: from HOME-C4E4A596F7 ([84.228.180.85]) by i_mtaout3.012.net.il (HyperSendmail v2004.12) with ESMTPA id <0KOR00CINW71GO80@i_mtaout3.012.net.il>; Sat, 22 Aug 2009 13:09:01 +0300 (IDT)
Date: Sat, 22 Aug 2009 13:07:04 +0300
From: Eli Zaretskii <eliz@HIDDEN>
Subject: Re: bug#4197: 23.1;	error when try to run `server-start': directory .emacs.d/server	is	unsafe
In-reply-to: <834os0hpld.fsf@HIDDEN>
X-012-Sender: halo1@HIDDEN
To: 4197 <at> debbugs.gnu.org
Cc: drew.adams@HIDDEN
Reply-to: Eli Zaretskii <eliz@HIDDEN>
Message-id: <83r5v4f9h3.fsf@HIDDEN>
References: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN> <83ocq9h63s.fsf@HIDDEN> <2BFC5C014BD64D93A209629F9B852FFC@HIDDEN> <83bpm9gj0d.fsf@HIDDEN> <CACF9392E6804A61B2F604F4D53005C4@HIDDEN> <838whdggwz.fsf@HIDDEN> <6020B772F1FA4D3BB5EFF3426271FC41@HIDDEN> <834os0hpld.fsf@HIDDEN>

> Date: Fri, 21 Aug 2009 23:35:58 +0300
> From: Eli Zaretskii <eliz@HIDDEN>
> Cc: 4197@HIDDEN
> 
> > From: "Drew Adams" <drew.adams@HIDDEN>
> > Cc: <4197@HIDDEN>, <lennart.borgman@HIDDEN>
> > Date: Fri, 21 Aug 2009 11:55:27 -0700
> > 
> > But if the default value of the variable is inappropriate for some platform
> > (disk format), then it should be changed - at least on that platform.
> > 
> > Can you not test for this (e.g. using code similar to what you asked me to
> > evaluate to test this), and set the default value accordingly?
> 
> I don't think we need to change the value of
> w32-get-true-file-attributes on FAT32 volumes.  All we need is fix
> server.el to not barf on FAT32 volumes.  I'll see what I can do.

Can you please try the following patch to server.el?  It is checked in
on the release branch.

2009-08-22  Eli Zaretskii  <eliz@HIDDEN>

	* server.el (server-ensure-safe-dir): Disable the security check
	for Windows.

Index: lisp/server.el
===================================================================
RCS file: /cvsroot/emacs/emacs/lisp/server.el,v
retrieving revision 1.192
diff -u -r1.192 server.el
--- lisp/server.el	10 Mar 2009 14:09:26 -0000	1.192
+++ lisp/server.el	22 Aug 2009 10:06:05 -0000
@@ -452,9 +452,10 @@
     (unless attrs
       (letf (((default-file-modes) ?\700)) (make-directory dir t))
       (setq attrs (file-attributes dir)))
-    ;; Check that it's safe for use.
-    (unless (and (eq t (car attrs)) (eql (nth 2 attrs) (user-uid))
-                 (or (eq system-type 'windows-nt)
+    ;; Check that it's safe for use.  Windows doesn't support
+    ;; Posix-style file security, so don't check there.
+    (unless (or (eq system-type 'windows-nt)
+		(and (eq t (car attrs)) (eql (nth 2 attrs) (user-uid))
                      (zerop (logand ?\077 (file-modes dir)))))
       (error "The directory %s is unsafe" dir))))
 



Acknowledgement sent to Eli Zaretskii <eliz@HIDDEN>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>, owner@HIDDEN. Full text available.
Information forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>, owner@HIDDEN:
bug#4197; Package emacs,w32. Full text available.

Message received at 4197@HIDDEN:


Received: (at 4197) by emacsbugs.donarmstrong.com; 22 Aug 2009 09:54:13 +0000
From jasonrumney@HIDDEN Sat Aug 22 02:54:13 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-2.9 required=4.0 tests=FOURLA,HAS_BUG_NUMBER
	autolearn=ham version=3.2.5-bugs.debian.org_2005_01_02
Received: from mail-ew0-f221.google.com (mail-ew0-f221.google.com [209.85.219.221])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7M9sBUa028169
	for <4197@HIDDEN>; Sat, 22 Aug 2009 02:54:12 -0700
Received: by ewy21 with SMTP id 21so1252176ewy.45
        for <4197@HIDDEN>; Sat, 22 Aug 2009 02:54:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:sender:message-id:date:from
         :user-agent:mime-version:to:cc:subject:references:in-reply-to
         :content-type:content-transfer-encoding;
        bh=sTVWw5yQdVuObGaUuwX01ptu/gnpZyeaHRfJeDMs/X8=;
        b=CzLIiwkTaLnAZZ90ko0NJdthsYLmA2vpVWUTw9U6D99qBojIdt9bxnw31xMrMXgDjq
         H6X7M8gQkgtReP/18cwjkwHEAd0m9W88POtCV2VFAIeDY6LXPXwXctDHdikhKVmRXaxS
         vYM21sCLpWyPDilDuNnsxL2kXMU5N+IVhqRMU=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject
         :references:in-reply-to:content-type:content-transfer-encoding;
        b=lYeQ2dHQUTfaJrj3+LlSFPCVouGpAVURneXnL+5CJoDx3t+V0eWS8bn+29lqLVHPP5
         ykjRveBy10zVwDoh4mqF1/H8GBwaihoYyEMiq9TBo1024qGQDVUE+8aqcL+l+2KxPmOV
         tjjggSrw4FuIaO/kp871LRLBASNHHR7W5X1OE=
Received: by 10.210.63.16 with SMTP id l16mr2605203eba.27.1250934845852;
        Sat, 22 Aug 2009 02:54:05 -0700 (PDT)
Received: from ?10.1.0.178? ([89.206.134.87])
        by mx.google.com with ESMTPS id 5sm5023831eyh.36.2009.08.22.02.54.03
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Sat, 22 Aug 2009 02:54:04 -0700 (PDT)
Sender: Jason Rumney <jasonrumney@HIDDEN>
Message-ID: <4A8FC00B.9030406@HIDDEN>
Date: Sat, 22 Aug 2009 17:53:15 +0800
From: Jason Rumney <jasonr@HIDDEN>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Stefan Monnier <monnier@HIDDEN>, 4197 <at> debbugs.gnu.org
CC: Drew Adams <drew.adams@HIDDEN>
Subject: Re: bug#4197: 23.1;	error when try to run `server-start': directory
 .emacs.d/server	is	unsafe
References: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN>	<83ocq9h63s.fsf@HIDDEN>	<2BFC5C014BD64D93A209629F9B852FFC@HIDDEN>	<83bpm9gj0d.fsf@HIDDEN>	<CACF9392E6804A61B2F604F4D53005C4@HIDDEN> <jwvpraocv6x.fsf-monnier+emacsbugreports@HIDDEN>
In-Reply-To: <jwvpraocv6x.fsf-monnier+emacsbugreports@HIDDEN>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Stefan Monnier wrote:
>> I think Emacs should be able to coexist and behave nicely with FAT32 - don't
>>     
>
> IIUC how Windows on FAT32 works, using emacsserver on such a system
> means that any process running on this machine (from your own user or
> any other user) can control your Emacs session.
>   

Yes. The security feature of emacsclient should probably be abstracted 
so that appropriate methods for the platform can be used.  Then on 
Windows (NT) we could use Security Descriptors directly without relying 
on the filesystem to be secure. Windows 95/98/ME would require a 
different solution, but I don't think it is worth expending any more 
effort than the Yes/No dialog that Eli suggests.





Acknowledgement sent to Jason Rumney <jasonr@HIDDEN>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>, owner@HIDDEN. Full text available.
Information forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>, owner@HIDDEN:
bug#4197; Package emacs,w32. Full text available.
Merged 865 3281 4197. Request was from Eli Zaretskii <eliz@HIDDEN> to control@HIDDEN. Full text available.
bug reassigned from package 'emacs' to 'emacs,w32'. Request was from Eli Zaretskii <eliz@HIDDEN> to control@HIDDEN. Full text available.

Message received at 4197@HIDDEN:


Received: (at 4197) by emacsbugs.donarmstrong.com; 22 Aug 2009 08:09:39 +0000
From eliz@HIDDEN Sat Aug 22 01:09:39 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-3.0 required=4.0 tests=AWL,FOURLA,HAS_BUG_NUMBER
	autolearn=ham version=3.2.5-bugs.debian.org_2005_01_02
Received: from mtaout6.012.net.il (mtaout6.012.net.il [84.95.2.16])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7M89b8e009296
	for <4197@HIDDEN>; Sat, 22 Aug 2009 01:09:39 -0700
Received: from conversion-daemon.i-mtaout6.012.net.il by i-mtaout6.012.net.il (HyperSendmail v2007.08) id <0KOR00H00QIFWB00@HIDDEN> for 4197@HIDDEN; Sat, 22 Aug 2009 11:09:31 +0300 (IDT)
Received: from HOME-C4E4A596F7 ([84.228.180.85]) by i-mtaout6.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0KOR00CWHQNQOF20@HIDDEN>; Sat, 22 Aug 2009 11:09:27 +0300 (IDT)
Date: Sat, 22 Aug 2009 11:07:30 +0300
From: Eli Zaretskii <eliz@HIDDEN>
Subject: Re: bug#4197: 23.1; error when try to run `server-start': directory .emacs.d/server is	unsafe
In-reply-to: <jwvpraocv6x.fsf-monnier+emacsbugreports@HIDDEN>
X-012-Sender: halo1@HIDDEN
To: Stefan Monnier <monnier@HIDDEN>
Cc: drew.adams@HIDDEN, 4197 <at> debbugs.gnu.org
Reply-to: Eli Zaretskii <eliz@HIDDEN>
Message-id: <83y6pcff0d.fsf@HIDDEN>
References: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN> <83ocq9h63s.fsf@HIDDEN> <2BFC5C014BD64D93A209629F9B852FFC@HIDDEN> <83bpm9gj0d.fsf@HIDDEN> <CACF9392E6804A61B2F604F4D53005C4@HIDDEN> <jwvpraocv6x.fsf-monnier+emacsbugreports@HIDDEN>

> From: Stefan Monnier <monnier@HIDDEN>
> Cc: 4197@HIDDEN,  "'Eli Zaretskii'" <eliz@HIDDEN>
> Date: Sat, 22 Aug 2009 00:49:03 -0400
> 
> > I think Emacs should be able to coexist and behave nicely with FAT32 - don't
> 
> IIUC how Windows on FAT32 works, using emacsserver on such a system
> means that any process running on this machine (from your own user or
> any other user) can control your Emacs session.

That's true.  There's no file security on FAT32 volumes.

I was thinking about displaying yes-or-no-p prompt with a warning to
that effect, but if the user consents, letting them to proceed.  Maybe
we should do that on Posix as well, instead of flatly refusing to run.

WDYT?



Acknowledgement sent to Eli Zaretskii <eliz@HIDDEN>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>. Full text available.
Information forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>:
bug#4197; Package emacs. Full text available.

Message received at 4197@HIDDEN:


Received: (at 4197) by emacsbugs.donarmstrong.com; 22 Aug 2009 04:49:27 +0000
From monnier@HIDDEN Fri Aug 21 21:49:27 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-4.8 required=4.0 tests=AWL,FOURLA,HAS_BUG_NUMBER
	autolearn=ham version=3.2.5-bugs.debian.org_2005_01_02
Received: from ironport2-out.teksavvy.com (ironport2-out.pppoe.ca [206.248.154.182])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7M4nPmO006668
	for <4197@HIDDEN>; Fri, 21 Aug 2009 21:49:26 -0700
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AqgEABMWj0pFxIHU/2dsb2JhbACBU9MRhBoFgU+GBw
X-IronPort-AV: E=Sophos;i="4.44,254,1249272000"; 
   d="scan'208";a="43953170"
Received: from 69-196-129-212.dsl.teksavvy.com (HELO ceviche.home) ([69.196.129.212])
  by ironport2-out.teksavvy.com with ESMTP; 22 Aug 2009 00:48:22 -0400
Received: by ceviche.home (Postfix, from userid 20848)
	id C5082B40E4; Sat, 22 Aug 2009 00:49:03 -0400 (EDT)
From: Stefan Monnier <monnier@HIDDEN>
To: Drew Adams <drew.adams@HIDDEN>
Cc: 4197 <at> debbugs.gnu.org, "'Eli Zaretskii'" <eliz@HIDDEN>
Subject: Re: bug#4197: 23.1; error when try to run `server-start': directory .emacs.d/server is	unsafe
Message-ID: <jwvpraocv6x.fsf-monnier+emacsbugreports@HIDDEN>
References: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN>
	<83ocq9h63s.fsf@HIDDEN>
	<2BFC5C014BD64D93A209629F9B852FFC@HIDDEN>
	<83bpm9gj0d.fsf@HIDDEN>
	<CACF9392E6804A61B2F604F4D53005C4@HIDDEN>
Date: Sat, 22 Aug 2009 00:49:03 -0400
In-Reply-To: <CACF9392E6804A61B2F604F4D53005C4@HIDDEN> (Drew Adams's
	message of "Fri, 21 Aug 2009 11:12:16 -0700")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

> I think Emacs should be able to coexist and behave nicely with FAT32 - don't

IIUC how Windows on FAT32 works, using emacsserver on such a system
means that any process running on this machine (from your own user or
any other user) can control your Emacs session.


        Stefan



Acknowledgement sent to Stefan Monnier <monnier@HIDDEN>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>. Full text available.
Information forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>:
bug#4197; Package emacs. Full text available.

Message received at 4197@HIDDEN:


Received: (at 4197) by emacsbugs.donarmstrong.com; 21 Aug 2009 21:34:40 +0000
From drew.adams@HIDDEN Fri Aug 21 14:34:40 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-4.1 required=4.0 tests=AWL,HAS_BUG_NUMBER
	autolearn=ham version=3.2.5-bugs.debian.org_2005_01_02
Received: from acsinet12.oracle.com (acsinet12.oracle.com [141.146.126.234])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7LLYdPW030455
	for <4197@HIDDEN>; Fri, 21 Aug 2009 14:34:40 -0700
Received: from rgminet15.oracle.com (rcsinet15.oracle.com [148.87.113.117])
	by acsinet12.oracle.com (Switch-3.3.1/Switch-3.3.1) with ESMTP id n7LLXxGM011554
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Fri, 21 Aug 2009 21:34:00 GMT
Received: from abhmt010.oracle.com (abhmt010.oracle.com [141.146.116.19])
	by rgminet15.oracle.com (Switch-3.3.1/Switch-3.3.1) with ESMTP id n7LLYRiE031643;
	Fri, 21 Aug 2009 21:34:28 GMT
Received: from dradamslap1 (/141.144.245.31)
	by default (Oracle Beehive Gateway v4.0)
	with ESMTP ; Fri, 21 Aug 2009 14:03:54 -0700
From: "Drew Adams" <drew.adams@HIDDEN>
To: "'Eli Zaretskii'" <eliz@HIDDEN>
Cc: <4197 <at> debbugs.gnu.org>, <lennart.borgman@HIDDEN>
References: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN> <83ocq9h63s.fsf@HIDDEN> <2BFC5C014BD64D93A209629F9B852FFC@HIDDEN> <83bpm9gj0d.fsf@HIDDEN> <CACF9392E6804A61B2F604F4D53005C4@HIDDEN> <838whdggwz.fsf@HIDDEN> <6020B772F1FA4D3BB5EFF3426271FC41@HIDDEN> <834os0hpld.fsf@HIDDEN>
Subject: RE: bug#4197: 23.1;	error when try to run `server-start': directory .emacs.d/server is	unsafe
Date: Fri, 21 Aug 2009 14:03:52 -0700
Message-ID: <8BFB21BC91C14EDEACDC7091040CFB44@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <834os0hpld.fsf@HIDDEN>
Thread-Index: AcoioT16gnXqJlGdQriixO2empQRgAAAWZUA
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
X-Source-IP: abhmt010.oracle.com [141.146.116.19]
X-Auth-Type: Internal IP
X-CT-RefId: str=0001.0A090206.4A8F12E5.012D:SCFSTAT5015188,ss=1,fgs=0

> I don't think we need to change the value of
> w32-get-true-file-attributes on FAT32 volumes.  All we need is fix
> server.el to not barf on FAT32 volumes.  I'll see what I can do.

OK, great.

> > There is no reason to be defensive (if you are doing that) about a
> > bug.
> 
> There's no need to become angry, either.

I'm not at all angry (if you meant me).

And I'm grateful that this will be fixed.




Acknowledgement sent to "Drew Adams" <drew.adams@HIDDEN>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>. Full text available.
Information forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>:
bug#4197; Package emacs. Full text available.

Message received at 4197@HIDDEN:


Received: (at 4197) by emacsbugs.donarmstrong.com; 21 Aug 2009 20:38:12 +0000
From eliz@HIDDEN Fri Aug 21 13:38:12 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-2.6 required=4.0 tests=AWL,GMAIL,HAS_BUG_NUMBER
	autolearn=ham version=3.2.5-bugs.debian.org_2005_01_02
Received: from mtaout1.012.net.il (mtaout1.012.net.il [84.95.2.1])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7LKc9Hk020440
	for <4197@HIDDEN>; Fri, 21 Aug 2009 13:38:12 -0700
Received: from conversion-daemon.i-mtaout1.012.net.il by i-mtaout1.012.net.il (HyperSendmail v2007.08) id <0KOQ00700U1R0B00@HIDDEN> for 4197@HIDDEN; Fri, 21 Aug 2009 23:37:57 +0300 (IDT)
Received: from HOME-C4E4A596F7 ([84.228.180.85]) by i-mtaout1.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0KOQ009ZEUN71U30@HIDDEN>; Fri, 21 Aug 2009 23:37:56 +0300 (IDT)
Date: Fri, 21 Aug 2009 23:35:58 +0300
From: Eli Zaretskii <eliz@HIDDEN>
Subject: Re: bug#4197: 23.1;	error when try to run `server-start': directory .emacs.d/server is	unsafe
In-reply-to: <6020B772F1FA4D3BB5EFF3426271FC41@HIDDEN>
X-012-Sender: halo1@HIDDEN
To: Drew Adams <drew.adams@HIDDEN>
Cc: 4197 <at> debbugs.gnu.org, lennart.borgman@HIDDEN
Reply-to: Eli Zaretskii <eliz@HIDDEN>
Message-id: <834os0hpld.fsf@HIDDEN>
References: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN> <83ocq9h63s.fsf@HIDDEN> <2BFC5C014BD64D93A209629F9B852FFC@HIDDEN> <83bpm9gj0d.fsf@HIDDEN> <CACF9392E6804A61B2F604F4D53005C4@HIDDEN> <838whdggwz.fsf@HIDDEN> <6020B772F1FA4D3BB5EFF3426271FC41@HIDDEN>

> From: "Drew Adams" <drew.adams@HIDDEN>
> Cc: <4197@HIDDEN>, <lennart.borgman@HIDDEN>
> Date: Fri, 21 Aug 2009 11:55:27 -0700
> 
> But if the default value of the variable is inappropriate for some platform
> (disk format), then it should be changed - at least on that platform.
> 
> Can you not test for this (e.g. using code similar to what you asked me to
> evaluate to test this), and set the default value accordingly?

I don't think we need to change the value of
w32-get-true-file-attributes on FAT32 volumes.  All we need is fix
server.el to not barf on FAT32 volumes.  I'll see what I can do.

> There is no reason to be defensive (if you are doing that) about a
> bug.

There's no need to become angry, either.

> I can understand that a developer wants to show off new, enhanced behavior, but
> that shouldn't be the default if it leads to fundamental problems.

This developer simply doesn't have enough time to fix everything right
away.  That is the only reason this bug is not yet fixed.  That, and
the fact that no one else beat me to it.  There's no show-off anywhere
in sight.



Acknowledgement sent to Eli Zaretskii <eliz@HIDDEN>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>. Full text available.
Information forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>:
bug#4197; Package emacs. Full text available.

Message received at 4197@HIDDEN:


Received: (at 4197) by emacsbugs.donarmstrong.com; 21 Aug 2009 18:55:42 +0000
From drew.adams@HIDDEN Fri Aug 21 11:55:42 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-4.0 required=4.0 tests=AWL,FOURLA,HAS_BUG_NUMBER
	autolearn=ham version=3.2.5-bugs.debian.org_2005_01_02
Received: from rgminet11.oracle.com (rcsinet11.oracle.com [148.87.113.123])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7LIteFX001226
	for <4197@HIDDEN>; Fri, 21 Aug 2009 11:55:42 -0700
Received: from rgminet15.oracle.com (rcsinet15.oracle.com [148.87.113.117])
	by rgminet11.oracle.com (Switch-3.3.1/Switch-3.3.1) with ESMTP id n7LItpjZ004911
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Fri, 21 Aug 2009 18:55:52 GMT
Received: from abhmt005.oracle.com (abhmt005.oracle.com [141.146.116.14])
	by rgminet15.oracle.com (Switch-3.3.1/Switch-3.3.1) with ESMTP id n7LItZF1020162;
	Fri, 21 Aug 2009 18:55:35 GMT
Received: from dradamslap1 (/141.144.245.31)
	by default (Oracle Beehive Gateway v4.0)
	with ESMTP ; Fri, 21 Aug 2009 11:55:31 -0700
From: "Drew Adams" <drew.adams@HIDDEN>
To: "'Eli Zaretskii'" <eliz@HIDDEN>
Cc: <4197 <at> debbugs.gnu.org>, <lennart.borgman@HIDDEN>
References: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN> <83ocq9h63s.fsf@HIDDEN> <2BFC5C014BD64D93A209629F9B852FFC@HIDDEN> <83bpm9gj0d.fsf@HIDDEN> <CACF9392E6804A61B2F604F4D53005C4@HIDDEN> <838whdggwz.fsf@HIDDEN>
Subject: RE: bug#4197: 23.1;	error when try to run `server-start': directory .emacs.d/server is	unsafe
Date: Fri, 21 Aug 2009 11:55:27 -0700
Message-ID: <6020B772F1FA4D3BB5EFF3426271FC41@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <838whdggwz.fsf@HIDDEN>
Thread-Index: AcoijYPFJtCKbNplQkKXoYIvuom5XAAAGWUg
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
X-Source-IP: abhmt005.oracle.com [141.146.116.14]
X-Auth-Type: Internal IP
X-CT-RefId: str=0001.0A090205.4A8EEDA4.00EB:SCFSTAT5015188,ss=1,fgs=0

> > OK, but FAT32 is very common. I wonder about the default 
> > for the variable being non-nil, even after the bug is fixed,
> > but especially before then.
> 
> The variable does more than just influence server.el.  It makes
> file-attributes more accurate, which has its own benefits, most
> prominently in Dired.

I don't doubt that. I know that NTFS offers a good deal more in terms of file
security possibilities than does FAT32.

But if the default value of the variable is inappropriate for some platform
(disk format), then it should be changed - at least on that platform.

Can you not test for this (e.g. using code similar to what you asked me to
evaluate to test this), and set the default value accordingly?

Or perhaps (since a user can have multiple drives with different formats) the
code that uses this option should check whether a non-nil value makes sense for
the drive in question, before simply proceeding as it does today.

Anyway, I'm unfamilar with the implementation, and I'm no expert on this
subject, so I'll leave the bug fix to others. From a user point of view,
something needs to be fixed here; that's all.

> > > Can you perhaps convert the drive to NTFS?
> > 
> > No. Is it a joke?
> 
> No, I tried to help you work around the problem (and get a better
> filesystem while at that).
> 
> > This is not my personal laptop. This is the standard issue for my
> > company.
> 
> I couldn't know that, could I?

No, I didn't say that you could have or should have. You asked, and I told you;
that's all.

I'm letting you know that (a) no, unfortunately, I cannot change the drive
format, (b) changing the drive format cannot be the general answer to the
problem, even if it might help some users sometimes, and (c) this is a
widespread policy, in at least some organizations, so this likely does not
represent an isolated case, even if it's the first reported case.

> > I think Emacs should be able to coexist and behave nicely 
> > with FAT32 - don't you?
> 
> I do, and it does -- mostly.

Clearly I meant including in this regard - the question at hand.

There is no reason to be defensive (if you are doing that) about a bug. I can
understand that the bug might be difficult to fix in the best way, and that
takes time.

In the meantime, something can perhaps be done as a preventive measure. If the
drive format for Windows could be tested, that might be a solution. If not, if
nothing else can be done in the immediate, then I would suggest changing the
default for at least all Windows users to nil. 

IOW, better to forego the bells and whistles while waiting for a real fix, and
to at least let users use emacsclient without customizing. In this meantime
period, the doc can let Windows users know that if they happen to have NTFS
storage, then they can get more bells and whistles by changing the value to
non-nil.

I can understand that a developer wants to show off new, enhanced behavior, but
that shouldn't be the default if it leads to fundamental problems. Users who
have NTFS can easily customize to get the enhanced behavior.

> > It doesn't make sense to make the default behavior 
> > dependent on assuming that users do not have FAT32 and are
> > not in the local Administrators group. IMO.
> > That's a crippling assumption.
> 
> The code in server.el assumes a Posix filesystem.  We are trying to
> get it to work nicely on Windows, when some of these assumptions don't
> hold.

I understand. Good.

> IOW, no one specifically assumed users do not have FAT32.

I didn't think so. I imagine that it was just an oversight (implicit
assumption).

> > Beyond the message text, what does it mean? Where is this 
> > notion of "unsafe directory" documented in the manuals?
> 
> It is a more or less common knowledge in the Posix world.  But I do
> agree that the message text should be more self-explanatory.

The world of Emacs users is not identical to the Posix world. Emacs doc should
not assume that Emacs users have all the "common knowledge" of the Posix world.

This needs to be documented, beyond the error message. Users need to know how to
use this, including, at least for now, how to use it with FAT32 vs NTFS.

> > I think this should be explained in the manual(s) - we 
> > shouldn't simply improve the message (though that too should
> > be done). It is especially important to
> > document things that concern safety (if this really does).
> 
> If the message is explicit enough, it will explain itself.

The message explaining itself will be corrected when the message is corrected.

My concern is beyond the message: Providing the essential info in this bug
report to users. Thx.




Acknowledgement sent to "Drew Adams" <drew.adams@HIDDEN>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>. Full text available.
Information forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>:
bug#4197; Package emacs. Full text available.

Message received at 4197@HIDDEN:


Received: (at 4197) by emacsbugs.donarmstrong.com; 21 Aug 2009 18:30:51 +0000
From eliz@HIDDEN Fri Aug 21 11:30:51 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-2.5 required=4.0 tests=AWL,FOURLA,GMAIL,
	HAS_BUG_NUMBER autolearn=ham version=3.2.5-bugs.debian.org_2005_01_02
Received: from mtaout7.012.net.il (mtaout7.012.net.il [84.95.2.19])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7LIUnFh029355
	for <4197@HIDDEN>; Fri, 21 Aug 2009 11:30:50 -0700
Received: from conversion-daemon.i-mtaout7.012.net.il by i-mtaout7.012.net.il (HyperSendmail v2007.08) id <0KOQ00D00OR28H00@HIDDEN> for 4197@HIDDEN; Fri, 21 Aug 2009 21:30:42 +0300 (IDT)
Received: from HOME-C4E4A596F7 ([84.228.180.85]) by i-mtaout7.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0KOQ00271OR6KDF0@HIDDEN>; Fri, 21 Aug 2009 21:30:42 +0300 (IDT)
Date: Fri, 21 Aug 2009 21:28:44 +0300
From: Eli Zaretskii <eliz@HIDDEN>
Subject: Re: bug#4197: 23.1;	error when try to run `server-start': directory .emacs.d/server is	unsafe
In-reply-to: <CACF9392E6804A61B2F604F4D53005C4@HIDDEN>
X-012-Sender: halo1@HIDDEN
To: Drew Adams <drew.adams@HIDDEN>
Cc: 4197 <at> debbugs.gnu.org, lennart.borgman@HIDDEN
Reply-to: Eli Zaretskii <eliz@HIDDEN>
Message-id: <838whdggwz.fsf@HIDDEN>
References: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN> <83ocq9h63s.fsf@HIDDEN> <2BFC5C014BD64D93A209629F9B852FFC@HIDDEN> <83bpm9gj0d.fsf@HIDDEN> <CACF9392E6804A61B2F604F4D53005C4@HIDDEN>

> From: "Drew Adams" <drew.adams@HIDDEN>
> Cc: <4197@HIDDEN>, <lennart.borgman@HIDDEN>
> Date: Fri, 21 Aug 2009 11:12:16 -0700
> 
> OK, but FAT32 is very common. I wonder about the default for the variable being
> non-nil, even after the bug is fixed, but especially before then.

The variable does more than just influence server.el.  It makes
file-attributes more accurate, which has its own benefits, most
prominently in Dired.

> > Can you perhaps convert the drive to NTFS?
> 
> No. Is it a joke?

No, I tried to help you work around the problem (and get a better
filesystem while at that).

> This is not my personal laptop. This is the standard issue for my
> company.

I couldn't know that, could I?

> I think Emacs should be able to coexist and behave nicely with FAT32 - don't
> you?

I do, and it does -- mostly.

> It doesn't make sense to make the default behavior dependent on assuming that
> users do not have FAT32 and are not in the local Administrators group. IMO.
> That's a crippling assumption.

The code in server.el assumes a Posix filesystem.  We are trying to
get it to work nicely on Windows, when some of these assumptions don't
hold.  IOW, no one specifically assumed users do not have FAT32.

> Beyond the message text, what does it mean? Where is this notion of "unsafe
> directory" documented in the manuals?

It is a more or less common knowledge in the Posix world.  But I do
agree that the message text should be more self-explanatory.

> I think this should be explained in the manual(s) - we shouldn't simply improve
> the message (though that too should be done). It is especially important to
> document things that concern safety (if this really does).

If the message is explicit enough, it will explain itself.



Acknowledgement sent to Eli Zaretskii <eliz@HIDDEN>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>. Full text available.
Information forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>:
bug#4197; Package emacs. Full text available.

Message received at 4197@HIDDEN:


Received: (at 4197) by emacsbugs.donarmstrong.com; 21 Aug 2009 18:12:33 +0000
From drew.adams@HIDDEN Fri Aug 21 11:12:33 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-4.0 required=4.0 tests=AWL,FOURLA,HAS_BUG_NUMBER
	autolearn=ham version=3.2.5-bugs.debian.org_2005_01_02
Received: from acsinet11.oracle.com (acsinet11.oracle.com [141.146.126.233])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7LICWlt025892
	for <4197@HIDDEN>; Fri, 21 Aug 2009 11:12:33 -0700
Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227])
	by acsinet11.oracle.com (Switch-3.3.1/Switch-3.3.1) with ESMTP id n7LID6tQ021161
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Fri, 21 Aug 2009 18:13:09 GMT
Received: from abhmt001.oracle.com (abhmt001.oracle.com [141.146.116.10])
	by acsinet15.oracle.com (Switch-3.3.1/Switch-3.3.1) with ESMTP id n7LID8pO007191;
	Fri, 21 Aug 2009 18:13:09 GMT
Received: from dradamslap1 (/141.144.245.31)
	by default (Oracle Beehive Gateway v4.0)
	with ESMTP ; Fri, 21 Aug 2009 11:12:20 -0700
From: "Drew Adams" <drew.adams@HIDDEN>
To: "'Eli Zaretskii'" <eliz@HIDDEN>
Cc: <4197 <at> debbugs.gnu.org>, <lennart.borgman@HIDDEN>
References: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN> <83ocq9h63s.fsf@HIDDEN> <2BFC5C014BD64D93A209629F9B852FFC@HIDDEN> <83bpm9gj0d.fsf@HIDDEN>
Subject: RE: bug#4197: 23.1;	error when try to run `server-start': directory .emacs.d/server is	unsafe
Date: Fri, 21 Aug 2009 11:12:16 -0700
Message-ID: <CACF9392E6804A61B2F604F4D53005C4@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <83bpm9gj0d.fsf@HIDDEN>
Thread-Index: Acoih2HJXeaZx8T8ToK+jD1zC2vIiAAAB5Hw
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
X-Source-IP: abhmt001.oracle.com [141.146.116.10]
X-Auth-Type: Internal IP
X-CT-RefId: str=0001.0A090209.4A8EE386.002D:SCFSTAT5015188,ss=1,fgs=0

> Ah! a FAT32 filesystem!

You sound surprised. That's really not uncommon. ;-) Might even be more common
than NTFS.

> > If this is the same as #865, then I guess it is pretty old.
> 
> It's been on my TODO forever to fix this, and I even wrote some code
> towards that goal.  But the problem is not easy to crack, since
> Windows sometimes attribute files not to the user who created them,
> but to the Administrators group instead, and that doesn't go well with
> the Posix-at-heart code which triggers this error.  Eventually, we
> will need to add more code to file-attributes and to make-directory,
> so that Emacs could create really private directories on Windows.
> 
> > Dunno whether my laptop configuration (Windows XP SP3,
> > with FAT32 drive) is atypical or not.
> 
> It's the FAT32 thing that trips you.  It doesn't support Windows
> native security features, so every file is attributed to Everyone
> (user-id of zero).

OK, but FAT32 is very common. I wonder about the default for the variable being
non-nil, even after the bug is fixed, but especially before then.

> emacsclient wants to be sure the directory where
> it places its socket file cannot be written to by any other user, but
> the fact its owner is Everyone, not you, tells emacsclient that the
> directory isn't private.
> 
> Can you perhaps convert the drive to NTFS?

No. Is it a joke?

FWIW, when I had a personal machine, I used NTFS. This is not my personal
laptop. This is the standard issue for my company. My guess is that others,
beyond my company, are in the same boat. The answer is not to ask them to
convert their disk drives.

I think Emacs should be able to coexist and behave nicely with FAT32 - don't
you? If some extra Emacs features are not available for FAT32, so be it, but
using FAT32 should not prevent one from using Emacs (e.g. emacsclient).

> > If not, until the bug is fixed you might consider changing 
> > the default value to nil, since this stops users with a
> > similar config from using emacsclient at all (out of the box,
> > emacs -Q). Unless they know about the workaround, that is.
> 
> We never heard about the problem until now, since Emacs 23 was
> released (the original bug was reported long ago, when Emacs 23 was
> still in development).  So it seems the problem is not too frequent:
> the number of people who use emacsclient on a FAT32 volume or that
> belong to the local Administrators group is apparently low enough for
> this gotcha not to hit too frequently.

I wouldn't bet on that at all.

* Emacs 23 was just released. I never tried to use emacsclient - I did so in
order to follow a bug report (for my code, and unrelated to emacsclient, as it
turns out).

* FAT32 is very common.

* AFAIK, every user in my company belongs to the local Administrators group for
his/her machine (e.g. laptop), so that s?he can easily install stuff etc. Other
organizations might have similar policies.

It doesn't make sense to make the default behavior dependent on assuming that
users do not have FAT32 and are not in the local Administrators group. IMO.
That's a crippling assumption.

> > Without your help, I never would have guessed it. I don't 
> > even understand the error message, "The directory is unsafe"
> > - maybe that message could refer me to
> > a manual section explaining unsafe directories?
> 
> I will add this to PROBLEMS, and look into modifying the message.  I
> think the message text is not very clear even on Unix.  Thanks for
> pointing this out.

Beyond the message text, what does it mean? Where is this notion of "unsafe
directory" documented in the manuals?

I see in the Emacs manual a discussion of unsafe variables, but not of unsafe
directories. I see in the Elisp manual mention of unsafe variables and unsafe
functions, but nothing about unsafe directories.

I think this should be explained in the manual(s) - we shouldn't simply improve
the message (though that too should be done). It is especially important to
document things that concern safety (if this really does).

Thx - Drew




Acknowledgement sent to "Drew Adams" <drew.adams@HIDDEN>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>. Full text available.
Information forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>:
bug#4197; Package emacs. Full text available.

Message received at 4197@HIDDEN:


Received: (at 4197) by emacsbugs.donarmstrong.com; 21 Aug 2009 17:45:37 +0000
From eliz@HIDDEN Fri Aug 21 10:45:36 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-1.9 required=4.0 tests=AWL,FOURLA,GMAIL,
	HAS_BUG_NUMBER,IMPRONONCABLE_1,MURPHY_WRONG_WORD1,MURPHY_WRONG_WORD2
	autolearn=ham version=3.2.5-bugs.debian.org_2005_01_02
Received: from mtaout6.012.net.il (mtaout6.012.net.il [84.95.2.16])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7LHjYjl020832
	for <4197@HIDDEN>; Fri, 21 Aug 2009 10:45:36 -0700
Received: from conversion-daemon.i-mtaout6.012.net.il by i-mtaout6.012.net.il (HyperSendmail v2007.08) id <0KOQ00I00MF7IF00@HIDDEN> for 4197@HIDDEN; Fri, 21 Aug 2009 20:45:28 +0300 (IDT)
Received: from HOME-C4E4A596F7 ([84.228.180.85]) by i-mtaout6.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0KOQ007HAMNRHS50@HIDDEN>; Fri, 21 Aug 2009 20:45:28 +0300 (IDT)
Date: Fri, 21 Aug 2009 20:43:30 +0300
From: Eli Zaretskii <eliz@HIDDEN>
Subject: Re: bug#4197: 23.1;	error when try to run `server-start': directory .emacs.d/server is	unsafe
In-reply-to: <2BFC5C014BD64D93A209629F9B852FFC@HIDDEN>
X-012-Sender: halo1@HIDDEN
To: Drew Adams <drew.adams@HIDDEN>
Cc: 4197 <at> debbugs.gnu.org, lennart.borgman@HIDDEN
Reply-to: Eli Zaretskii <eliz@HIDDEN>
Message-id: <83bpm9gj0d.fsf@HIDDEN>
References: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN> <83ocq9h63s.fsf@HIDDEN> <2BFC5C014BD64D93A209629F9B852FFC@HIDDEN>

> From: "Drew Adams" <drew.adams@HIDDEN>
> Cc: "'Lennart Borgman'" <lennart.borgman@HIDDEN>
> Date: Fri, 21 Aug 2009 07:30:11 -0700
> 
> > I think this is the same as bug #865; merged.
> > What do the following three expression evaluate to, in the 
> > Emacs session that signals this error?
> > 
> >   (user-uid)
> 
> 19729
> 
> >   (file-attributes "c:/.emacs.d/server/" 'integer)
> 
> (t 1 0 0 (18967 40688) (18657 6612) (18657 6611) 0
>  "drwxrwxrwx" t (572354 . 24704) 240391127)
> 
> >   (file-attributes "c:/.emacs.d/server/" 'string)
> 
> (t 1 "Everyone" "Everyone" (18967 40688) (18657 6612)
>  (18657 6611) 0 "drwxrwxrwx" t (572354 . 24704) 240391127)

Ah! a FAT32 filesystem!

> If this is the same as #865, then I guess it is pretty old.

It's been on my TODO forever to fix this, and I even wrote some code
towards that goal.  But the problem is not easy to crack, since
Windows sometimes attribute files not to the user who created them,
but to the Administrators group instead, and that doesn't go well with
the Posix-at-heart code which triggers this error.  Eventually, we
will need to add more code to file-attributes and to make-directory,
so that Emacs could create really private directories on Windows.

> Dunno whether my
> laptop configuration (Windows XP SP3, with FAT32 drive) is atypical or not.

It's the FAT32 thing that trips you.  It doesn't support Windows
native security features, so every file is attributed to Everyone
(user-id of zero).  emacsclient wants to be sure the directory where
it places its socket file cannot be written to by any other user, but
the fact its owner is Everyone, not you, tells emacsclient that the
directory isn't private.

Can you perhaps convert the drive to NTFS?

> If not, until the bug is fixed you might consider changing the default value to
> nil, since this stops users with a similar config from using emacsclient at all
> (out of the box, emacs -Q). Unless they know about the workaround, that is.

We never heard about the problem until now, since Emacs 23 was
released (the original bug was reported long ago, when Emacs 23 was
still in development).  So it seems the problem is not too frequent:
the number of people who use emacsclient on a FAT32 volume or that
belong to the local Administrators group is apparently low enough for
this gotcha not to hit too frequently.

> Without your help, I never would have guessed it. I don't even understand the
> error message, "The directory is unsafe" - maybe that message could refer me to
> a manual section explaining unsafe directories?

I will add this to PROBLEMS, and look into modifying the message.  I
think the message text is not very clear even on Unix.  Thanks for
pointing this out.



Acknowledgement sent to Eli Zaretskii <eliz@HIDDEN>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>. Full text available.
Information forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>:
bug#4197; Package emacs. Full text available.

Message received at 4197@HIDDEN:


Received: (at 4197) by emacsbugs.donarmstrong.com; 21 Aug 2009 15:01:09 +0000
From drew.adams@HIDDEN Fri Aug 21 08:01:09 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-2.9 required=4.0 tests=AWL,HAS_BUG_NUMBER,
	IMPRONONCABLE_1,MURPHY_WRONG_WORD1,MURPHY_WRONG_WORD2,NUMONLY autolearn=ham
	version=3.2.5-bugs.debian.org_2005_01_02
Received: from acsinet11.oracle.com (acsinet11.oracle.com [141.146.126.233])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7LF186d022073
	for <4197@HIDDEN>; Fri, 21 Aug 2009 08:01:09 -0700
Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227])
	by acsinet11.oracle.com (Switch-3.3.1/Switch-3.3.1) with ESMTP id n7LF1ijd013282
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Fri, 21 Aug 2009 15:01:45 GMT
Received: from abhmt016.oracle.com (abhmt016.oracle.com [141.146.116.25])
	by acsinet15.oracle.com (Switch-3.3.1/Switch-3.3.1) with ESMTP id n7LF1kPt017068;
	Fri, 21 Aug 2009 15:01:46 GMT
Received: from dradamslap1 (/141.144.245.31)
	by default (Oracle Beehive Gateway v4.0)
	with ESMTP ; Fri, 21 Aug 2009 07:30:17 -0700
From: "Drew Adams" <drew.adams@HIDDEN>
To: "'Eli Zaretskii'" <eliz@HIDDEN>, <4197 <at> debbugs.gnu.org>
Cc: "'Lennart Borgman'" <lennart.borgman@HIDDEN>
References: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN> <83ocq9h63s.fsf@HIDDEN>
Subject: RE: bug#4197: 23.1;	error when try to run `server-start': directory .emacs.d/server is	unsafe
Date: Fri, 21 Aug 2009 07:30:11 -0700
Message-ID: <2BFC5C014BD64D93A209629F9B852FFC@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <83ocq9h63s.fsf@HIDDEN>
Thread-Index: AcoiQYHWU8kBHgXWTE6WAekpOgRpYwAKHFtw
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
X-Source-IP: abhmt016.oracle.com [141.146.116.25]
X-Auth-Type: Internal IP
X-CT-RefId: str=0001.0A090205.4A8EB6AB.0163:SCFSTAT5015188,ss=1,fgs=0

> I think this is the same as bug #865; merged.
> What do the following three expression evaluate to, in the 
> Emacs session that signals this error?
> 
>   (user-uid)

19729

>   (file-attributes "c:/.emacs.d/server/" 'integer)

(t 1 0 0 (18967 40688) (18657 6612) (18657 6611) 0
 "drwxrwxrwx" t (572354 . 24704) 240391127)

>   (file-attributes "c:/.emacs.d/server/" 'string)

(t 1 "Everyone" "Everyone" (18967 40688) (18657 6612)
 (18657 6611) 0 "drwxrwxrwx" t (572354 . 24704) 240391127)

> Finally, does it help to set w32-get-true-file-attributes to nil?

Yes! Thanks for your prompt reply.

If this is the same as #865, then I guess it is pretty old. Dunno whether my
laptop configuration (Windows XP SP3, with FAT32 drive) is atypical or not.

If not, until the bug is fixed you might consider changing the default value to
nil, since this stops users with a similar config from using emacsclient at all
(out of the box, emacs -Q). Unless they know about the workaround, that is.
Without your help, I never would have guessed it. I don't even understand the
error message, "The directory is unsafe" - maybe that message could refer me to
a manual section explaining unsafe directories?

Anyway, thanks for the workaround.




Acknowledgement sent to "Drew Adams" <drew.adams@HIDDEN>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>. Full text available.
Information forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>:
bug#4197; Package emacs. Full text available.

Message received at 4197@HIDDEN:


Received: (at 4197) by emacsbugs.donarmstrong.com; 21 Aug 2009 09:26:46 +0000
From eliz@HIDDEN Fri Aug 21 02:26:46 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-3.2 required=4.0 tests=AWL,HAS_BUG_NUMBER
	autolearn=ham version=3.2.5-bugs.debian.org_2005_01_02
Received: from mtaout7.012.net.il (mtaout7.012.net.il [84.95.2.19])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7L9Qht0027025
	for <4197@HIDDEN>; Fri, 21 Aug 2009 02:26:46 -0700
Received: from conversion-daemon.i-mtaout7.012.net.il by i-mtaout7.012.net.il (HyperSendmail v2007.08) id <0KOP00E00Z367300@HIDDEN> for 4197@HIDDEN; Fri, 21 Aug 2009 12:26:37 +0300 (IDT)
Received: from HOME-C4E4A596F7 ([84.228.180.85]) by i-mtaout7.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0KOP004JDZKCB330@HIDDEN>; Fri, 21 Aug 2009 12:26:37 +0300 (IDT)
Date: Fri, 21 Aug 2009 12:24:39 +0300
From: Eli Zaretskii <eliz@HIDDEN>
Subject: Re: bug#4197: 23.1;	error when try to run `server-start': directory .emacs.d/server is	unsafe
In-reply-to: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN>
X-012-Sender: halo1@HIDDEN
To: Drew Adams <drew.adams@HIDDEN>, 4197 <at> debbugs.gnu.org
Reply-to: Eli Zaretskii <eliz@HIDDEN>
Message-id: <83ocq9h63s.fsf@HIDDEN>
References: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN>


merge 865 4197

> From: "Drew Adams" <drew.adams@HIDDEN>
> Date: Tue, 18 Aug 2009 20:25:25 -0700
> Cc: 
> 
> In the Emacs bin directory:
>  
> .\cmdproxy.exe
>  
> At the cmd prompt:
>  
> .\runemacs.exe -Q
>  
> In *scratch* buffer, eval this: (server-start)
>  
> Debugger entered--Lisp error: (error "The directory c:/.emacs.d/server is
> unsafe")
>   signal(error ("The directory c:/.emacs.d/server is unsafe"))
>   error("The directory %s is unsafe" "c:/.emacs.d/server")
>   server-ensure-safe-dir("c:/.emacs.d/server/")
>   server-start()
>   eval((server-start))
>   eval-last-sexp-1(nil)
>   eval-last-sexp(nil)
>   call-interactively(eval-last-sexp nil nil)

I think this is the same as bug #865; merged.

What do the following three expression evaluate to, in the Emacs session
that signals this error?

  (user-uid)

  (file-attributes "c:/.emacs.d/server/" 'integer)

  (file-attributes "c:/.emacs.d/server/" 'string)

Finally, does it help to set w32-get-true-file-attributes to nil?



Acknowledgement sent to Eli Zaretskii <eliz@HIDDEN>:
Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>. Full text available.
Information forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>:
bug#4197; Package emacs. Full text available.

Message received at submit@HIDDEN:


Received: (at submit) by emacsbugs.donarmstrong.com; 19 Aug 2009 03:25:33 +0000
From drew.adams@HIDDEN Tue Aug 18 20:25:33 2009
X-Spam-Checker-Version: SpamAssassin 3.2.5-bugs.debian.org_2005_01_02
	(2008-06-10) on rzlab.ucr.edu
X-Spam-Level: 
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
X-Spam-Status: No, score=-2.5 required=4.0 tests=AWL,FOURLA autolearn=no
	version=3.2.5-bugs.debian.org_2005_01_02
Received: from lists.gnu.org (lists.gnu.org [199.232.76.165])
	by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7J3PVQT026665
	for <submit@HIDDEN>; Tue, 18 Aug 2009 20:25:32 -0700
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1Mdbnn-0003AY-4v
	for bug-gnu-emacs@HIDDEN; Tue, 18 Aug 2009 23:25:31 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1Mdbni-0003AG-Bj
	for bug-gnu-emacs@HIDDEN; Tue, 18 Aug 2009 23:25:30 -0400
Received: from [199.232.76.173] (port=51324 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1Mdbni-0003AD-5J
	for bug-gnu-emacs@HIDDEN; Tue, 18 Aug 2009 23:25:26 -0400
Received: from rcsinet12.oracle.com ([148.87.113.124]:43911 helo=rgminet12.oracle.com)
	by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.60)
	(envelope-from <drew.adams@HIDDEN>)
	id 1Mdbnh-0004wL-Ng
	for bug-gnu-emacs@HIDDEN; Tue, 18 Aug 2009 23:25:25 -0400
Received: from rgminet15.oracle.com (rcsinet15.oracle.com [148.87.113.117])
	by rgminet12.oracle.com (Switch-3.3.1/Switch-3.3.1) with ESMTP id n7J3PGkK013767
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <bug-gnu-emacs@HIDDEN>; Wed, 19 Aug 2009 03:25:17 GMT
Received: from abhmt009.oracle.com (abhmt009.oracle.com [141.146.116.18])
	by rgminet15.oracle.com (Switch-3.3.1/Switch-3.3.1) with ESMTP id n7J3PNoj002840
	for <bug-gnu-emacs@HIDDEN>; Wed, 19 Aug 2009 03:25:24 GMT
Received: from dradamslap1 (/141.144.160.29)
	by default (Oracle Beehive Gateway v4.0)
	with ESMTP ; Tue, 18 Aug 2009 20:25:20 -0700
From: "Drew Adams" <drew.adams@HIDDEN>
To: <bug-gnu-emacs@HIDDEN>
Subject: 23.1; error when try to run `server-start': directory .emacs.d/server is unsafe
Date: Tue, 18 Aug 2009 20:25:25 -0700
Message-ID: <86F491CE4D5C4E80B9B4FD5F110C3F12@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: AcogfLEOdYaitpOmS9OwIx2IQhgwIQ==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
X-Source-IP: abhmt009.oracle.com [141.146.116.18]
X-Auth-Type: Internal IP
X-CT-RefId: str=0001.0A090207.4A8B70A1.0033:SCFSTAT5015188,ss=1,fgs=0
X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 1)

In the Emacs bin directory:
 
.\cmdproxy.exe
 
At the cmd prompt:
 
.\runemacs.exe -Q
 
In *scratch* buffer, eval this: (server-start)
 
Debugger entered--Lisp error: (error "The directory c:/.emacs.d/server is
unsafe")
  signal(error ("The directory c:/.emacs.d/server is unsafe"))
  error("The directory %s is unsafe" "c:/.emacs.d/server")
  server-ensure-safe-dir("c:/.emacs.d/server/")
  server-start()
  eval((server-start))
  eval-last-sexp-1(nil)
  eval-last-sexp(nil)
  call-interactively(eval-last-sexp nil nil)
 

In GNU Emacs 23.1.1 (i386-mingw-nt5.1.2600)
 of 2009-07-29 on SOFT-MJASON
Windowing system distributor `Microsoft Corp.', version 5.1.2600
configured using `configure --with-gcc (4.4)'
 





Acknowledgement sent to "Drew Adams" <drew.adams@HIDDEN>:
New bug report received and forwarded. Copy sent to Emacs Bugs <bug-gnu-emacs@HIDDEN>. Full text available.
Report forwarded to bug-submit-list@HIDDEN, Emacs Bugs <bug-gnu-emacs@HIDDEN>:
bug#4197; Package emacs. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Fri, 31 Oct 2014 17:00:04 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.